Tuesday, July 3, 2018

AFoD Interview with Mike Swindells


I met Mike Swindells through Shafik Punja and it was Shafik who had the capital idea of doing an AFoD blog interview with Mike so that AFoD readers could get an idea of what it's like for someone from a non-technical law enforcement background to take over leadership of a digital forensics team. My career puts me into contact with many law enforcement leaders who find themselves in similar positions where they decided to take a risk with their careers and do something very difficult, but very rewarding. Many of these units focus exclusively or in part on combatting child exploitation and human trafficking, so they make tremendous and life-altering differences in the lives of victims by identifying and rescuing them from further abuse. I have an immense amount of respect for people like Mike who decide to take the path less traveled in their law enforcement careers and to do something as difficult as conducting, supporting, or leading these investigations.

Mike Swindells' Professional (Auto)biography

I’m currently a Sergeant with the Calgary Police Service and since December 2017 I have been the supervisor of our Digital Forensics Team. I have a little over 16 years experience with the CPS and have worked a combined 11 years in a front line patrol capacity both as a Constable responding to calls for service and as a Sergeant supervising various teams.  I spent 5 years working in an undercover surveillance unit where most of our targets belonged to organized crime groups, were homicide suspects or responsible for other violent crimes.

1. How did you get involved in law enforcement?

I originally worked as a Paramedic for 3 years close to Toronto prior to moving to Calgary in the summer of 2000.  When I got to Calgary I had trouble finding a job in EMS so I started looking into the other emergency services for work.  After attending some information sessions hosted by the Calgary Police Service I was interested enough to apply.  Fortunately for me, my previous work and life experience was a  great asset and I was hired by the CPS and started recruit class in November 2001.  My initial interest in joining the CPS was to have the ability to help people and make their lives better.  I really had no idea where my policing career would take me but over the past 16 years I’ve been lucky enough to work in a variety of different areas exposing me to many different sides of policing. 

2. How did your law enforcement career develop once you joined the Calgary Police Service?

From talking with colleagues and friends over the years I think my experience and career development has been very similar to other police officers.  I left recruit classes full of confidence and knowledge of what I had learned and hoped to apply my new skills in real life scenarios.  However I quickly learned that classroom policing is much different than policing in the real world!  The first team I joined had a very experienced group of officers and a Sgt with over 30 years of policing.  I would say my first officer coach was very intense, had high expectations of any recruit and was very good at her job.  I learned a lot from my first officer coaches and was exposed to many different scenarios.  I quickly learned that I enjoyed being what I refer to as a ‘calls for service’ police officer.  I liked attending calls, dealing with them at the time and moving on to the next call.  I think with most police officers you become very proficient and capable of attending any type of call within your first 3-5 years of policing.  I enjoyed working in a front line patrol capacity, but as I got more experience and exposure to the different units we have I began thinking of what I wanted to do next.

So after spending the first 6 years of my career as a front line patrol officer working in 2 different Districts I applied to work in an undercover surveillance unit.  At the time, it was the only dedicated surveillance unit in the service and it was highly sought after and very well respected within the CPS.  Lucky for me, I applied and was successful and began a new chapter in my career.  In order to work in surveillance I had to pass a very intense 3 week surveillance course which was very challenging but fun at the same time.  I spent a little over 5 years working in surveillance and I had some fantastic experiences and learned a whole new skillset.  When new members joined our team I began to enjoy mentoring and helping them become proficient at surveillance.  I also had the opportunity to fill in for my supervisor in an Acting Sgt capacity, something I really enjoyed doing.  The extra responsibility of running a team, dealing with any issues that would come up was challenging but rewarding at the same time.  Eventually I decided that applying for promotion to the rank of Sgt was what I wanted to do.  I enjoyed supervising people and was at a point in my career where I wanted a new challenge and opportunity.  Unfortunately the first time I applied for promotion I was unsuccessful but I didn’t let that stop me from continuing my personal growth and development.  I returned to patrol and was promoted 18 months later and began supervising front line patrol members.   One of the best things about our job is that constant opportunity to try new things and work in different areas.  So after almost 4 years of being a front line patrol supervisor I began looking at where my career would take me next.  Enter the wonderful world of Digital Forensics!  I had heard rumours that a Sgt position within our Cyber/Forensics Unit was going to become available so I reached out to former colleagues and friends who currently worked in that area.  
Not knowing a thing about Digital Forensics I began asking questions and visited our lab a few times.  Still, with very little knowledge I applied and got the job, which is where I find myself now.  The past few months have been very challenging at times however when it comes right down to it, I still supervise people and manage calls.  I don’t need to know how the guys do what they do, I just need to know what they are capable of doing.  And I must give credit to the group of police officers that I supervise now, they have all been excellent and patient when explaining things to me and when I ask ‘simple’ questions about forensics!

3. So you’ve entered this wild and wonderful world of digital forensics.  As you have settled into your new role leading a digital forensics team, what are some of the things that surprised you about the digital forensics world?

I think the biggest surprise was how much information and data is actually contained within digital devices and how much critical evidence can be found.  Coming in to this world I thought it would all be about recovering deleted texts, emails and call logs from devices by simply plugging them in to a computer.  Not so simple as it turns out and so much more information can be found.  Not being exposed to digital forensics before I never really thought about how much data can be found on devices.

Next was the cost of running a digital forensics lab. Software renewals and equipment are not cheap, and when certain companies are the only ones who can provide their service they can set their price wherever they like. We all know that technology is always evolving and becoming better so new tools, software and training are required to keep up with change. Courses are also so expensive! When our members have completed their ‘basic’ courses at the Canadian Police College and are looking at maintaining and increasing their skillset we (in Canada) generally have to send our members to courses in the US. Factor in the cost of travel, the exchange rate and the cost of courses we can only afford to send our examiners on 1 course a year. We are very lucky though, as the CPS has committed to giving us a healthy yearly training budget so our examiners do have the opportunity to attend various training courses. (generally in very nice warm places 🙂)

Another pleasant surprise, which in hindsight is not surprising at all is the level of commitment and knowledge that our examiners have.  All our examiners have such a passion for their jobs and really enjoy doing what they do.  Much like other specialty areas within our police service, our digital forensic examiners are just as passionate about their jobs as the members of K9, Tactical Team, homicide investigators or any other specialty area are.  They train and work just as hard as anyone else, they just happen to do it from behind a keyboard as opposed to a Glock.  If someone recognizes that we could be doing something better or that an app can be created to make our end product better, they will.  Everything our examiners do on a day to day basis is in an effort to make our lab more efficient and be better than the day before. 

As the months go by I’m still amazed by the work our examiners do but as I get to know them better and how smart they actually are I will be less and less ‘surprised’ with their brilliance!   

4. What does an average week look like for you in leading your team? What do you find yourself spending the most time on?

The majority of my time is focused around managing our Intake Queue and deciding which files should be assigned next. When I first started back in December 2017 we had around 20 files waiting to be assigned, currently we’re at 45 with close to 100 exhibits requiring our attention. The majority of our files come from our Major Crimes Section, those being Homicide, Sex Crimes and Child Abuse. Some files only have 1 or 2 exhibits while others can have anywhere from 10-15. Our in house Intake Queue was designed by one of our techs and provides a lot of information that helps me decide which files are assigned next. One of the biggest factors involved in deciding when a file is assigned is if there is a search warrant attached to it and when it expires. More than 50% of our files have search warrant time frames so I always have to be aware of when they expire so that I don’t have to tell the investigator that they need to request an extension if we are unable to examine their device within the initial time frame requested. Crimes against people often take priority over property or drug related files, however I still think it’s important to have those files/devices examined so I try to alternate assigning major crimes files with the other ones that come in. I also feel strongly about assigning files from our front line patrol members as quickly as I can. Our front line officers are so busy and overworked that if one of them has taken the time to seize a device and write a search warrant then I think it’s very important to show them that we are willing and capable of helping them out when they need it.

Another big part of my job is offering advice when it comes to safely seizing, storing and how to write a search warrant for an electronic device prior to it coming to our office for examination. I also find myself having to explain to investigators why it takes so long to examine and extract data from devices. Currently we ask for a 6 month time frame to examine devices, which can be frustrating for investigators especially if they need evidence from a device prior to laying charges. Everyone’s file is very important to them and they want as much information or evidence that is available to them and sometimes having to wait months isn’t what they want to hear.

When I first started in DFT I wanted to expand my technical knowledge base around computers and cell phones but I had no idea where to turn. Thankfully I was directed to your organization and I started taking the on-line courses that NW3C provides to the LE community. So the first few weeks of supervising the members of DFT I completed at least one or two on-line courses so I had a better understanding of what the guys were talking about! Since then I’ve moved on to taking on-line CompTIA A+ courses to expand my limited knowledge base further. I have to admit that even though I was never close to being a ‘computer geek’ or even interested in the internal workings of computers I’m really enjoying learning about these things and think I’ll continue taking courses and seminars when time permits. With my increased knowledge base I also like shadowing the guys in the lab and watching them work and have them explain what and how they are doing things. Lately I’ve been trying to help out by starting the initial exam process by doing the relatively simple things like photographing the exhibit and extracting the SIM card information so when the file is assigned the guys can get straight to the examination process.

Other typical supervisor things I do on a weekly basis include managing time off, vacation requests, approving time sheets and advocating to my bosses that we are working at over-capacity and need more techs. I hope this gives a brief glimpse into our lab in Calgary and what my typical work week looks like.

5. What sort of cases does your team get involved with?  

Our team examines devices from almost any criminal offence you can think of. The files that take up our most time however are generally homicide files that can have anywhere from between 1-15 exhibits that require examination. Currently our intake queue has 45 files waiting to be assigned and they include homicides, sexual assaults, aggravated assaults, child abuse, fraud, criminal harassment (stalking), drugs, voyeurism, extortion, stolen property and break and enter files. Occasionally we are asked to attend crime scene locations to examine devices on site or attend search warrants for the same reasons. When time permits some of our techs also get involved in R&D to create apps or troubleshoot problems that come up. One recent example of this is one of our techs has written a script to help decrypt secure notes found on an iPhone that were extracted by our GrayKey for another local police agency. The app he created is now being shared with a Detective from Nashville investigating a child abuse case where potential evidence is located in the secure notes feature of an iPhone. Unfortunately our guys are so busy that not enough time can be dedicated to R&D which is unfortunate since they create very useful apps that make their jobs easier and more efficient. Historically they have also been asked by other work areas within the CPS to create databases to help those areas track their files. For now though, until our work area is better staffed the R&D work they do has to take a back seat so that we can keep up the work we get on a daily basis.

6. What advice would you give someone else who found themselves in charge of a similar unit without having done digital forensics work prior to that assignment?

Good question. I think the biggest thing to remember is to not get too hung up on the technology side of things and remember that you are first and foremost a supervisor and not a digital forensics tech. For me it was very important to begin by understanding what the techs on our team are capable of doing but not necessarily understanding how they do it. This is still a work in progress but the guys are very supportive and patient with my questions. I know that I will never come close to having the same level of computer/technical knowledge or experience the guys have and I accept that, which goes back to my first point of realizing that I’m a supervisor and my job is very different than theirs. I would encourage anyone thinking of taking on this role to attend their lab, speak with the techs and actually see what their jobs are all about, it might surprise you. Be prepared to say ‘no’ as well. Software, hardware and training are all very expensive, and as nice as it is to have every tool at your disposal it’s just not financially feasible for techs to have everything they want, not necessarily need, especially for a municipal police service like ours. Looking back I would also consider completing the CompTIA A+ course prior to managing a lab. Although it’s not necessary, and I still firmly believe a supervisor does not need previous computer or tech experience, it would definitely help especially if you could speak a little bit of computer language with your techs. Not to belabour my first point but I think the most important thing to remember is that you are a supervisor and it’s your job to supervise the people in your lab. Everything else will fall in to place if you keep that your priority. The past 6 months have definitely been eye opening for me, especially on the technical side of things, but overall supervising a digital forensics lab with no previous experience has had its challenges however is very rewarding and enjoyable.

Sunday, June 17, 2018

Life After Law Enforcement: How to Prepare

I decided to delay the progression of the Life After Law Enforcement series since I was involved in an active hiring process and I didn’t want to provide any unfair advantage to candidates who read the upcoming “how to prepare” content in the series after others had actually put in resumes.  For example, I’m going to devote an entire blog post just to resumes alone and didn’t want to re-enact a scene from Patton where one candidate got to “read my book” while other candidates didn’t get to do that because they put in resumes before I got the post out.

Now that we’re past the resume intake process and the jobs aren’t posted anymore, I can fire off this next blog post.

One of the best bits of career advice that I have received is to always prepare for the next job. The “next job” might never be necessary, it might be an opportunity inside of the organization that you are already in, or it could be with an entirely new organization and even in an entirely new career field.

One of the first steps in preparing for that next job is to define your goals for that post-law enforcement job. What do you consider your priority items? Is it working in a specific industry, a specific role, or even a specific geographical location? Your goals will dictate the strategies and tactics that you use to prepare and obtain your next job. You should be talking to those who have gone before you into the great wide world of the private sector to see what their experiences have been and what they can tell you about their jobs and organizations. The better an idea that you have of what job you want and what its requirements are, the better you will be able to prepare.

Frankly, the most important strategy for job searching is networking.  Making connections with others will help you learn about the job market, how to prepare for specific jobs, and it will greatly increase your ability to land a job.  The age-old phrase, “It’s not what you know, it’s who you know” is partially true.  It’s both what you know and who you know that will lead to landing that shiny new job.  It’s not that you can’t get a good job by blindly firing a resume into a job posting (I’ve hired people that way many times during my career), but you have a much stronger possibility of success if you already have pre-established relationships in the organization you are trying to work for especially if it’s with the hiring manager or someone on that person’s team.

You should have a well-written, professionally reviewed resume. Period. I’ve been a hiring manager for over a decade now and I can tell you with metaphysical certitude that most people’s resumes are abject clown shows. I swear most of the resumes I get are just a few steps above being written with crayon on unicorn stationery. I’ll leave that alone for now, but I’m going to devote an upcoming blog post in this series exclusively to resumes.

One of the best tools that you can have for your job search is a well-designed LinkedIn profile. Your profile should largely reflect your properly crafted and professional resume and you also have the option of posting your resume on your LinkedIn profile. Your profile should include a professional looking picture because you have to assume that any hiring manager who is interested in hiring you is going to do at least a cursory social media search for you that will include your LinkedIn profile as one of their first stops.

Start searching LinkedIn and various other job sites for job postings and pay close attention to what skills are being sought after by employers. Do they require a college degree? Are there particular certifications that they require or are preferred? What technical skills are they calling out as being important to the position? The job postings are going to be giving you an important roadmap on what employers want to see from candidates which will help guide you in your preparation.

If you are in this business, you probably have at least some basic open source intelligence skills. Time to start using that skill set to help land you a job. Find job postings that you find interesting and start doing your research using tools like LinkedIn on people inside of that organization so you can reach out to them and start making friends and collecting information. The holy grail of this sort of research is figuring out who the hiring manager is for active roles so that you can make contact with them. Even if you aren’t ready to start applying right at the moment, it’s smart to make contacts and start learning what hiring managers want out of job applicants.

One of your strategies should be creating a body of work that demonstrates what you are good at and passionate about. I know the phrase “personal brand” sounds silly, but there’s quite a bit of truth to it. Learning and contributing through methods such as Twitter, blogging, conference presentations, volunteering (like at your local BSides), and the like will go a long way in establishing yourself as someone an employer knows is passionate and capable. You do not have to be doing cutting edge and highly technical content to be a contributor. There are new people entering the digital forensics world all the time and having someone explain concepts to them in ways they can understand is immensely valuable. For example, there’s nothing wrong with creating a well-crafted blog post or conference presentation that explains a known concept in a clear and concise manner. If you do want to delve into unique areas, look ahead a bit and see where you think the digital forensics world is going to need to get up to speed quickly and where there isn’t much work being done. That’s one of the reasons why I’m spending so much time and energy on blockchain investigations. It’s a gap in our collective knowledge and it’s just really, really cool.

Another good idea is to get yourself a mentor who can help advise you through your career transition. Ideally, this would be someone who is a hiring manager in an organization or industry that you are targeting in your job search. This person can help be your Sherpa guide for your transition into life after law enforcement and might very well end up being someone who hires you. I’ve successfully mentored people who are looking to break into the industry and were successful in doing so.

The questions that I tend to get revolve around what skills are needed to land a job and be successful outside of law enforcement. In general, the answer to that question is a function of what sort of job that you are interested in.  This is why I recommend paying close attention to job postings even before someone is considering making application.  The job postings are going to answer those questions in that they will be telling applicants what the hiring organization is looking for in an applicant.  That said, one of the universal skills that I tell people to start shoring up quickly is learning anything and everything they can about computer networking.

When I left law enforcement, I knew quite a bit about operating systems, but not much at all about networking.  I filled that gap by studying for and passing the CompTIA Network+ exam as well as the Cisco CCNA and CCDA exams.  I even started passing exams for the CCNP certification. Through that process, I learned an immense amount about how computer networks worked and ended up being my organization’s VPN engineer along with doing digital forensics work in my first role in the private sector digital forensics world.  I also studied for and passed the CompTIA iNet+ (which is no longer offered), A+, and Linux+ exams.  I found that, at least for me, learning a skill knowing that I would have to pass a certification exam at the end of the process worked very well for me when it came to expanding my knowledge.  It was also nice to list a horde of certifications on my resume since human resources and some hiring managers like to see that sort of thing.

The other question I tend to get is what role a college degree should play in preparing for people who don’t already have one. This one is a bit tougher to answer so I’ll throw out the lawyerly answer of “It depends”. If you’ve got loads of marketable job skills and experience and you’re meeting or exceeding the requirements of the jobs that you are interested in pursuing, it may very well be a bad idea to spend all of the time and money doing a degree before getting hired somewhere especially if you are doing it while you have family obligations. However, in some depressingly stupid organizations even if you can get hired without a degree, it can be tough to get promoted without one which puts downward pressure on your career path.

I did my first graduate degree while I was working as a police officer and that was quite a bit of work.  I did my second graduate degree while I was working in the private sector running a global digital forensics team and having a family and that was nightmarish at times.  So, unless you are going to be obtaining marketable skills at a reasonable price through the degree process, it may not be a great idea. The trick is understanding that many degree programs are grossly overpriced relative to their value.  For example, going $80,000 in debt in your forties for a digital forensics degree is probably not going to make any sense.

One of the big problems with getting a degree is that the bachelor’s degree system here in the United States generally takes four years or more due to the general education requirements so you can find yourself later in life sitting in class (physically or virtually) taking Babylonian Astrology 101 when you really just want to increase your marketable job skills.  You can’t even think about doing a graduate degree chock full of technical goodness until you’ve banged out that undergraduate degree. 

Ireland to the rescue on that front.  University College Dublin offers a graduate degree in Forensic Computing & Cybercrime Investigation that does not require an undergraduate degree to enter the program if you have enough prior experience and training and can be done from the United States. This is the program that the mighty Cindy Murphy went through and I know others who have entered the program and think very highly of it. 

The primary takeaway from this blog post should be that the burden of preparing for and landing that next role is squarely on you. Not doing any research or preparation and blindly firing off a third-rate resume into random job postings is one of the worst ways you can go about this process.  The more you take control of the process through preparation and networking, the better your result will be.